Overview

overview

10

Static

static

Shipment doc.exe

windows7-x64

10

Shipment doc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d980abe9f8e702a47b8716f45d36519d0250dd7e42620802b3922e8937947532

  • Size

    387KB

  • Sample

    221127-r7pjxaeg78

  • MD5

    c44a6b41984315bbcb7696bcc63d9904

  • SHA1

    f54d26501e363cf68f610063ece658aa618f419f

  • SHA256

    d980abe9f8e702a47b8716f45d36519d0250dd7e42620802b3922e8937947532

  • SHA512

    4edaed3a160ca025623d177fd39fe2c44507b11adb7f15f669478b8887343fd1307751e6438a017d6f8a0337db803f4fc434ed7b298242fdbe201cd851ae313e

  • SSDEEP

    12288:NpwL2ukoEOC/8ktGSsesW2jgSi0VAMVsL4EfTjC66:NpwLNkECEktGSns9gTMVruTjn6

Score
10/10
isrstealercollectionspywarestealertrojanupx

Malware Config

Targets

    • Target

      Shipment doc.exe

    • Size

      431KB

    • MD5

      7267866e61ab496ef241adb843643536

    • SHA1

      63ab40146c9f186b0c6a20b623f25f8eb58b6173

    • SHA256

      3ab5088c86cf977cb96bfb1616f8f9ec791d6e3356e346364f4255370973f5d0

    • SHA512

      74521abfe1f7bf286a7873e61b4e104b1f2923678dbda82e90e7e3c8abf9f61dfe200de88ac75f7bb99d9b095deb98fc7aa89210c90469b36ed38cf8f49bb104

    • SSDEEP

      12288:M5yqoY2ukkEOG/8k3GSmksW2FgSiKVAEVsL4EfBj:6Nk4GEk3GSFsDgpEVruBj

    Score
    10/10
    isrstealercollectionspywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks